HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Version 3.3 , CSP Policy


I have just installed the forum and its going great, good job guys.

I cannot seem to get the Content Security Policy headers to work properly though, I have ran grep on the code and can see that the implementation is there but how do you active it?


```$Configuration['ContentSecurityPolicy']['ScriptSrc']['AllowedDomains'] = ['my.domain'];```

to conf/config.php has no effect nor has removing 'my.domain'

any ideas?

Sign In or Register to comment.